Action may be required to prevent your Let's Encrypt certificate renewals from breaking.
If you already received a similar e-mail, this one contains updated information.
Your Let's Encrypt client used ACME TLS-SNI-01 domain validation to issue a certificate in the past 60 days. Below is a list of names and IP addresses validated (max of one per account):
DNS Domain Name (IP Address) on 2018-12-08
TLS-SNI-01 validation is reaching end-of-life. It will stop working temporarily on February 13th, 2019, and permanently on March 13th, 2019.
Any certificates issued before then will continue to work for 90 days after their issuance date.
You need to update your ACME client to use an alternative validation method (HTTP-01, DNS-01 or TLS-ALPN-01) before this date or your certificate renewals will break and existing certificates will start to expire.
Our staging environment already has TLS-SNI-01 disabled, so if you'd like to test whether your system will work after February 13, you can run against staging: https://letsencrypt.org/docs/staging-environment/
If you're a Certbot user, you can find more information here:
https://community.letsencrypt.org/t/how ... tbot/83210
Our forum has many threads on this topic. Please search to see if your question has been answered, then open a new thread if it has not:
For more information about the TLS-SNI-01 end-of-life please see our API
https://community.letsencrypt.org/t/feb ... port/74209
Let's Encrypt Staff
Questions and answers about how to do stuff
5 posts • Page 1 of 1
Hello! I'm receiving the following email regarding Let's Encrypt and the certificate no longer working in my EFA Project Box (188.8.131.52) after Feb 13. Any ideas on how to fix this so the EFA box will request the proper certificate type? Thanks!
Unfortunately, I do not have a solution yet. I was hoping someone could give direction here. We can't be the only two with this issue. Let's Encrypt documentation on certbot did not lead me anywhere as it doesn't seem to follow Let's Encrypt's rules although I did find out that they require version 0.28 and EFA seems to be running on 0.20 currently. Worried about updating it and breaking something else with SSL.